"Grant Access to Okta Support"
is an Okta feature that facilitates troubleshooting between Okta Support and a Customer Administrator. When a Customer is engaged in the troubleshooting process with Okta Support it can be helpful if the Customer provides access to the Customer tenant (or org).
In the Okta Admin Console, beneath Settings -> Account:
When enabled, Okta Support will have access to your Okta tenant for 8 hours. This can be extended as needed. Support Access Limitations
- When this access is granted to Okta, it takes the form of an impersonation event.
- The Okta Support TSE's (Technical Support Engineer) impersonation access will be limited by the administrative power of the impersonated administrator.
- i.e. If an Okta Support TSE impersonates a Read-Only Admin, then the TSE will be only able to conduct RO Admin tasks in the Customer tenant.
- Additionally, no matter which Customer Admin is impersonated, the Okta Support TSE will NOT be able to leave the Okta Admin console of the Customer tenant and access that Administrator's Application Dashboard. (i.e. Granting impersonation access does NOT grant blanket Application access)
- Finally, all actions taken by an Okta Support TSE on behalf of a customer while impersonating a Customer Adminsitrator will be logged appropriately as an impersonation generated event.